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settings might best be stored using LDAP, or Berkeley DB. HTTP, a protocol, might 
be used plain, or over Secure Sockets Layer (SSL) or Transport Layer Security 
(TLS) protocols, aka HTTPS. WebDAV extensions to HTTP should ceyJd be used or 
supported. Further known elements of software architecture that may make a 
difference in performance, reliability, and scalability include memory management, 
and concurrency management, and those are within the skill of those in the art to 
identify and implement. 

On page 20, line 12, please take out the words -permanently-displayed* and put 
in their stead the word "permanently displayed" thereby removing the hyphen. 

Another sequence which shows a few steps in the same implementation of the 
present invention is Figures 15, 16. 17, 18. 19, 20, 21, 22, 23. These sequences 
are not shown proportionally in time. i.e. some of the steps shown here would be 
shown for a second only once 8n operator has become familiar with their 
dynamics, while some of the steps would be on the screen for extended periods of 
time. These intermediate steps are essential for operator comprehension. The 
intermediate steps had to and will have to be designed with the same attention to 
detail as the more pormanont l y display ed permanently disolaved steps. 
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On page 23, line 24, please take out the word "menus'' and put in its stead the 
word "menu" thereby removing the "s'\ 

The present invention departs from prior art In that a set of display regions for 
graphical representations of the results of transformations applied to the structured 
data which defines the access control settings for the resource appear integrated 
with a familiar display region for a representation of the resource, e.g. with the 
main view in word processing software, or with the main view in Web browser 
software, A number of functions should be Implemented which modify the layout 
of the display regions, e.g. horizontal or vertical, or different relative or absolute 
sizes, and those functions should be available for invocation by the operator, e.g. 
through mouse gestures, or through key combinations. Also, functions may be 
implemented which modify the number of the display regions, I.e. add or remove 
some, and those functions should be available for invocation by the operator, e.g. 
through mouse gestures, or through key combinations. Further, a number of 
functions should be implemented which modify the transformations, either slightly, 
by modifying transformation parameters, or fundamentally, by switching 
algorithms, or in other ways, and those functions should be available for 
invocation by the operator, e.g. through mouse gestures, through key 
combinations, through mews menu choices, or through dialog boxes. 



PAGE 4/19 * RCVD AT 1/28)2005 1 1 :52:49 AM [Eastern Standard Time] ' SVfcO^foff ^F-lJ^DNIS:8729306 1 CSID:61 05663660 1 DURATION (mm-ss):09-30 



01/2,7/2005 23:52 6105663660 



LIPTON, WEINBERGER 



PAGE 05 



PATENT 
Appln. No. 10/802,658 
Filing Data: 3/17/2004 

On page 24, line 26, please take out the word "menus" and put in its stead the 
word 'menu" thereby removing the "s". 

The present invention further, and most visually striking in the context of access 
control, can graphically represent users by displays that comprise a photographic 
likeness of the user. Each photographic likeness should be processed by a method 
which, depending on quality desired to achieve and depending on computation 
effort willing to expend, comprises one or several of the steps of: (1) adjusting 
image color saturation toward a predetermined target saturation level; (2) 
converting to grayscale; (3) adjusting image brightness toward a predetermined 
target brightness level; (4) adjusting image contrast toward a predetermined target 
contrast level; (5) adjusting image sharpness toward a predetermined target 
sharpness level; and (6) masking with a shape such as an oval or an outline of a 
bust, the steps to be taken in an order that depends on which of these steps. A 
number of functions should be implemented which for an individual user result in 
different graphical representations, e.g. photo id, business card, icon, or name 
plate, and those functions should be available for selection by the operator, e.g. 
through monuo jgaaoy choices or through dialog boxes, for immediate and 
subsequent use. 

On page 31 , lines 8 and 9, please take out the ~?" after the word time and put in 
its stead 

An implementation could allow the setting of preferences that govern how 
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accesses are put together, and how they are displayed in a compact way until or 
unless the operator interacts with the user interface to see more detail. Example 
scenarios include; The operator might want to know whether a user has read a 
resource an excessive number of times^ E.g. if it is a paid service, or a resource 
intensive service Maybe the operator by default only wants to know when user 
has read a resource the first time?* E.g. if it has been a request to deliver a 
product, or to perform a task. Different applications, different preferences. 

On page 31, line 18 after the word "order'' please insert the words "or other 
physical location map". 

An implementation could use a seating order nr nther physical location map based 
view instead of a table view. If well integrated with other sections of this 
disclosure, the operator could click on individuals to enable or disable writing or 
reading. 

On page 31, line 26, please take out the word "are" and put in its stead the word 
"region". 

A specifically useful configuration of the present invention is when the set of 
display regions simultaneously comprises: (1) A familiar display region for a 
representation of the resource, e.g. the main view in word processing software, or 
the main view in Web browser software, (2) a display region for a graphical 
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representation of the set of groups and users and their respective access privileges 
defined by existing structured data for the resource, i.e. for easy review and 
manipulation of the settings, (3) a display a*e CftoJon representing access log 
information for the resource, i.e. to show who actually did or did not access the 
resource and when, and (4) a display region for known users and groups which 
remains hidden unless activated by the operator, i.e. to allow modification of 
access control settings for the resource by simply dragging indicia for known users 
and groups. See above for description of Figure 9. 

On page 32, line 12 after the word "module" please insert the words "writing into 
a database". 

In an implementation that builds upon Apache Web server software much of the 
information needed for this kind of log display could be retrieved from standard 
Apache log files. It is possible, however, to achieve specific performance goals by 
implementing appropriate logging hook functions in a custom Apache module 
writing Into a database. 

On page 45, line 14 after the word "user" please insert the words "or a group" 
and take out the words "an abstract" and put in their stead the word "another". 



One can expect implementations where a user or a group »s replaced by a* 
abstfaet matter concept, e.g. something like a role. The theory and principles of 
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the present invention still would be applicable. 



On page 47, line 23, please take out the word "their" and put in its stead the 
word "his". Also on page 47, line 25 take out *,)* and put in Its stead 

While the invention has been described in its preferred embodiments, it is to be 
understood that the words which have been used are words of description rather 
than of limitation and that changes may be made within the purview of the 
appended claims without departing from the true scope and spirit of the Invention 
in its broader aspects. Rather, various modifications may be made in the details 
within the scope and range of equivalents of the claims and without departing 
from the spirit of the invention. The inventor further requires that the scope 
accorded theif M§ claims be in accordance with the broadest possible construction 
available under the law as it exists on the date of filing hereof (and of the 
application from which this application obtains priority^!* and that no narrowing of 
the scope of the appended claims be allowed due to subsequent changes in the 
law, as such a narrowing would constitute an ex post facto adjudication, and a 
taking without due process or Just compensation. 
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